Initial Coin Offerings (ICOs) involve issuers offering virtual coins or tokens that are typically created and disseminated using distributed ledger or blockchain technology. Holders of virtual coins or tokens may have additional rights over and above those of merely the medium of exchange, such as rights to access the platform, utilize certain services, use the software, or otherwise participate in the project. In some cases, holders may also have rights to a return on their investment, or rights to participate in a share of the returns provided by the project or by the company backing the project.

Post-issuance, holders may resell certain virtual coins or tokens in a secondary market on virtual currency exchanges or other platforms. ICOs are typically announced on cryptocurrency forums and websites through a white paper describing the project and key terms of the ICO, subscription details, timeline, etc. To date, hundreds of ICOs have raised more than US$6 billion, with a plethora of prospective ICOs frequently reported in industry publications. In late 2017, ICO funding surpassed that of angel and early-stage VC funding combined.

As companies, including both tech startups and century-old multinationals alike, increasingly turn to ICOs as a funding mechanism and tool to revolutionize innovation and breakdown historic barriers to entry, regulatory scrutiny is intensifying. Financial services and securities regulators around the world, including the UK’s Financial Conduct Authority (FCA), the European Securities and Markets Authority (ESMA), the German Financial Supervisory Authority, and the US Securities and Exchange Commission (SEC), have made public statements reminding issuers and investors that coins or tokens issued via an ICO will fall within the full scope of securities law in those jurisdictions, if they meet the relevant characteristics for a security, whether or not such coins or tokens are labelled as a “utility” coin or token. In addition, certain jurisdictions (most notably China) have moved to prohibit fundraising through ICOs and require funds raised through ICOs to be returned to investors.

In the US, the SEC has recently issued a cease and desist order with respect to the Munchee Inc. (Munchee) ICO that emphasizes the fact that regulators will look to substance over form in determining whether an ICO token is a security. Munchee, a California-based company, was in the process of offering digital tokens (designated as “MUN” tokens) to investors through an ICO. The SEC determined that the ICO was an offering of securities without registration or an available exemption, notwithstanding that the digital tokens offered and sold in the ICO were intended to have a utility function.

The Munchee order demonstrates that the relevant facts and circumstances reviewed by regulators in assessing whether a token is a security will not be limited to the rights and interests the tokens are purported to provide the holders themselves, which may be of a utility or consumptive nature, but will also include the manner of the offering, including how the tokens were marketed and whether the promoter touted a potential increase in token value as well as any promise of secondary market trading.

In the United Arab Emirates, the Central Bank, the Securities and Commodities Authority (SCA), the DIFC Financial Services Authority (DFSA), and the ADGM Financial Services Regulatory Authority (FSRA) all potentially have jurisdiction over ICOs depending on the type of ICO and location where the ICO is issued or marketed. As of date of writing this article, the Central Bank and SCA have yet to issue any regulations or formal guidance on ICOs, but this should not be taken as guidance.

The DFSA issued a statement in September 2017 that “the DFSA would like to make it clear that it does not currently regulate these types of product offerings or license firms in the Dubai International Financial Centre (DIFC) to undertake such activities. Accordingly, before engaging with any persons promoting such offerings in the DIFC, or making any financial contribution toward such offerings, the DFSA urges potential investors to exercise caution and undertake due diligence to understand the risks involved.” The FRSA issued guidance at the same time that “issuances of Securities (as defined in Section 258 of FSMR), whether through a DLT (Distributed Ledger Technology) platform or other means, will see no difference in their treatment under our regulatory framework. Those issuers/market actors who seek to raise funds in a regulated, robust and transparent manner using new business models or technologies such as DLT are encouraged to engage with us as early as possible in the fundraising process.”

It is clear that as interest in issuing, marketing and participating in ICOs in the UAE develops, the guidance that will be issued by the relevant regulators will also develop so as to protect investors in ICOs and maintain confidence in the UAE financial services and securities market as a whole.

In jurisdictions where ICOs are not prohibited, but are subject to local securities regulations, issuers should understand the questions that regulators are asking when determining whether a coin offering is considered to constitute a traditional security as opposed to a utility coin or token.

As a general rule of thumb, a token is likely to fall within the definition of a financial instrument if it does any of the following:

• Gives the holder a right to share in the capital or participate in the profits of projects derived from the efforts of others.

• Creates a transferable debt instrument.

• Creates an instrument in favor of the holder, the value of which is based on an underlying index, commodity, currency, or other asset.

Crucially, any prospective ICO issuer must consider in advance the legal implications and structuring options of the ICO. Key structuring questions include:

1. What is the issuer’s target market/jurisdictions? How can the issuer ensure that its offering will only be made to that target market, to avoid triggering the securities laws of unintended jurisdictions? Determining in which jurisdictions an issuer is to make an offer may be difficult if an issuer publishes a public whitepaper over the internet, so password protection and IP address verification may become the norm.

2. Does the issuer want the coin or token to fall outside the definition of a security, recognizing that this may limit the purpose of the coin or token?

3. Alternatively, if the issuer wants the coin or token to have an investment purpose: a. Can the issuer rely on an exemption or combination of exemptions in the target jurisdictions to limit the impact of the securities laws/ requirements (e.g. through structuring the ICO as a private placement)? b. Does the issuer want to make a public offer and comply with the full scope of securities laws/requirements?

4. Are there other innovative structures that might achieve the issuer’s aims?

While ICOs may be blazing a new path through traditional fundraising mechanisms such as venture capital and capital markets, some issuers and investors may get burned in testing out the new limits of the path. Carefully thinking through questions on the nature of the offering before the issuance can help protect both issuers and potential investors.